Equifax Credit Assistance Site Served Spyware

Big-three consumer credit bureau Equifax says it has removed third-party code from its credit report assistance Web site that prompted visitors to download spyware disguised as an update for Adobe’s Flash Player software.

Image: Randy-abrams.blogspot.com

On Wednesday, security expert and blogger Randy Abrams documented how browsing a page at Equifax’s consumer information services portal caused his browser to be served with a message urging him to download Adobe Flash Player.

“As I tried to find my credit report on the Equifax website I clicked on an Equifax link and was redirected to a malicious URL,” Abrams wrote. “The URL brought up one of the ubiquitous fake Flash Player Update screens.”

Ars Technica’s Dan Goodin was the first to cover the discovery, and said the phony Flash Player installer was detected by several antivirus tools as “Adware.Eorezo,” an intrusive program that displays advertisements in Internet Explorer and may install browser toolbars and other unwanted programs.

Several hours after Goodin’s piece went live, Equifax disabled the page in question, saying it was doing so out of “an abundance of caution” while it investigated the claims.

In a follow-up statement shared with KrebsOnSecurity this afternoon, however, Equifax said the problem stemmed from a “third-party vendor that Equifax uses to collect website performance data,” and that “the vendor’s code running on an Equifax Web site was serving malicious content.” Equifax did not say who the third-party vendor was.

“Since we learned of the issue, the vendor’s code was removed from the webpage and we have taken the webpage offline to conduct further analysis,” reads the statement. “Despite early media reports, Equifax can confirm that its systems were not compromised and that the reported issue did not affect our consumer online dispute portal.”

That closing line of Equifax’s statement may do little to assuage a public that has grown increasingly weary of Equifax’s various security and public relations failures since it announced on Sept. 7, 2017 that hackers broke into the company’s servers and stole Social Security numbers and other sensitive data on more than 145 million Americans.

On Sunday, KrebsOnSecurity published a story warning that Equifax’s payroll and tax administration site made it simple to access detailed salary and employment history on a large portion of Americans using little more than someone’s Social Security number and date of birth — both data elements that were stolen in the recent breach at Equifax. Equifax disabled that service just hours after the story ran, replacing it with a message stating the site was under maintenance. Four days later, that site remains offline.

Trump to rebuke Iran but won’t call for sanctions that threaten nuclear deal

  • European officials relieved Trump won’t urge reimposition of sanctions
  • US president to declare Iran’s revolutionary guard a terrorist organisation

Donald Trump is expected to disavow the Iran nuclear deal in a speech on Friday denouncing the government in Tehran, but will not call for the reimposition of sanctions that would have risked the collapse of the agreement, according to officials briefed on the president’s intentions.

European officials expressed relief that the White House speech did not appear to represent a US abrogation of the 2015 deal, which they had intensively lobbied against since it became clear over recent months that Trump did not want to continue to certify the deal to Congress.

Woman with dementia feared taken by crocodile in Queensland

Police find clothes and human remains after Anne Cameron, 79, went missing near a nursing home in Port Douglas on Tuesday

Forensic testing is being conducted on “biological matter” found near clothing and a walking stick after a dementia sufferer went missing from a far north Queensland nursing home.

Anne Cameron, 79, was last seen near a nursing home at Craiglie, Port Douglas, on Tuesday afternoon. Police fear Cameron, who had only been at the facility for a few weeks, may have been taken by a crocodile after becoming disoriented when she wandered into a dense area of bushland.
